01/07/2009 WED 14:44 FAX 12489888363 - — OSPTO ^j^^PIVPP 0002/010 

CENTRAL PAX CBNTER 

JAN 0 7 2009 

67108-363 PUSl 
Bu U2-28 

Amendmepts to the Claims; 

This listing of claims will replace all prior versions of claims in the application: 
Listing of Claims; 

1. (Original) An overlay network for maintaining traffic flow between a client and a server 
during a denial of service attack, comprising: a set of overlay nodes, coupled between the client 
and the server, wherein each overlay node comprises: a ranking module configured to rank the 
overlay nodes based on a performance metric, wherein an overlay node with a higher-ranking 
indicates that the overlay node has better performance for transfemng traffic to the server than 
overlay nodes with lower-rankings; and a probing module configured to probe a portion of the 
overlay nodes with higher-rankings more fi-equently than overlay nodes with lower-rankings 
during probing intervals. 

2. (Original) The overlay network as recited in claim 1, wherein each overlay node further 
comprises a path selection module, configured to dynamically select an overlay node with a 
highest-rankings to be included as part of a pathway for transferring traffic to the server. 

3. (Original) The overlay network as recited in claim 1, further comprising an access node, 
configured to authenticate traffic directed to the server from the client, and forward authenticated 
traffic to one or more of die overlay nodes. 

4. (Original) The overlay network as recited in claim 1, further comprising one or more 
target nodes, configured to transfer the traffic from one or more of the overlay nodes directly to 
the server, the one or more target nodes having exclusive knowledge of an identity for the server. 

5. (Original) The overlay network as recited in claim 1, wherein each overlay node is 
virtually connected to each other. 
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6. (Original) The overlay network as recited in claim 1, wherein the performance metric 
includes at least one of: available bandwidth, latency, loss rate, and jitter; and wherein an overlay 
node with a higher-ranking indicates that the overiay node has better performance for transferring 
traffic to the server than overiay nodes with lower-rankings, the better performance including at 
least one of: more available bandwidth, less jitter, lower latency, and less packet loss. 

7. (Original) The overlay network as recited in claim 1, wherein the ranking module is 
further configured to determine whether the portion of overlay nodes with higher-rankings 
continue to have better performance for transferring traffic to the server than one or more of the 
overlay nodes v/ith lower-rankings after a probing interval. 

8. (Original) The overlay network as recited in claim 1, wherein the ranking module is 
configured to demote the rankings of the portion of overlay nodes with higher-rankings to lower- 
rankings if the portion of overlay nodes with higher-rankings have worse performance for 
transferring traffic to the server than one or more of the overlay nodes with lower-rankings after a 
probing interval. 

9. (Original) The overlay network as recited in claim 1, wherein the traffic is data. 

10. (Original) A method for evaluating overlay nodes in a network to mitigate against a 
denial of service attack, the method comprising: ranking the overlay nodes based on a 
performance metric, wherein an overlay node with a higher-ranking indicates that the overlay 
node has better performance for transferring traffic to a target than overiay nodes with lower- 
rankings; and probing a portion of the overlay nodes v\dth higher-rankings more frequently than 
overlay nodes with lower-rankings during probing intervals, 

IL (Original) The method as recited in claim 10, wherein the performance metric includes at 
least one of: available bandwidth, latency, loss rate, and jitter. 
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12. (Original) The method as recited in claim 10» wherein an overlay node with a higher- 
ranking indicates that the overlay node has better performance for transferring traffic to a target 
than overlay nodes with lower-rankings, the better performance including at least one of: more 
available bandwidth* less jitter, lower latency, and less packet loss. 

13. (Original) The method as recited in claim 10, wherein the portion of the overlay nodes 
with higher-rankings includes one or more overlay nodes. 

14. (Original) The method as recited in claim 10, wherein the target includes at least one of: 
an overlay node, an overlay node v^ith exclusive access to a host server, and a host server. 

15. (Original) The method as recited in claim 10, further comprising determining whether 
the portion of overlay nodes with higher-rankings continue to have better performance for 
transferring traffic to a target than one or more of the overlay nodes with lower-rankings after a 
probing interval. 

16. (Original) The method as recited in claim 10, further comprising determining whether 
the portion of overlay nodes with higher-rankings continue to have better performance for 
transferring traffic to a target than one or more of the overlay nodes with lower-rankings after a 
probing interval; and demoting the rankings of the portion of overlay nodes with higher-rankings 
to lower-rankings if the portion of overlay nodes vdth higher-rankings have worse performance 
for transferring traffic to a target than one or more of the overlay nodes with lower-rankings. 

17. (Original) The method as recited in claim 10, further comprising determining whether 
the portion of overlay nodes with higher-rankings continue to have better performance for 
transferring traffic to a target than one or more of the overlay nodes with lower-rankings after a 
probing interval; and promoting the rankings of one or more of the overlay nodes with lower- 
rankings to higher-rankings, if the portion of overlay nodes with higher-rankings have worse 
performance for transferring traffic to a target than one or more of the overlay nodes with lower- 
rankings. 
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18. (Original) The method as recited in claim 10, further comprising selecting the portion of 
the overlay nodes with higher-rankings to be included as part of a pathway for transferring traffic 
to a target. 

19. (Original) One or more computer-readable media comprising computer executable 
instructions that, when executed, direct a computer to: evaluate overlay nodes in an overlay 
network; rank the overlay nodes based on a performance metric, wherein an overlay node with a 
higher-ranking indicates that the overlay node has better performance for transferring traffic to a 
target than overlay nodes with lower-rankings; and probe a portion of the overlay nodes with 
higher-rankings more frequently than overlay nodes with lower-rankings during probing 
intervals. 

20. (Original) One or more computer-readable media as recited in claim 19, further 
comprising computer executable instructions that, when executed, direct the computer to: 
determine whether the portion of overlay nodes with higher-rankings continue to have better 
performance for transferring traffic to a target than one or more of the overlay nodes with lower- 
rankings after a probing interval. 

2L (Original) One or more computer-readable media as recited in claim 19, further 
comprising computer executable instructions that, when executed, direct the computer to: 
determine whether the portion of overlay nodes with higher-rankings continue to have better 
performance for transferring traffic to a target than one or more of the overlay nodes with lower- 
rankings after a probing interval; and demote the rankings of the portion of overlay nodes with 
higher-rankings to lower-rankings if the portion of overlay nodes with higher-rankings have 
worse performance for transferring traffic to a target than one or more of the overlay nodes with 
lower-rankings. 
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22. (Currently Amended) In a network comprising overlay nodes interspersed between a 
server and client, a system for mitigating against a denial of service attack, the system 
comprising: at least one overlay node: means for probing overlay nodes in the network during a 
probing interval to determine connectivity levels of each overlay node; the at least one overlay 
node comprising means for ranking each overlay node wherein an overlay node having a highest- 
ranking has a highest connectivity potential for transfening traffic to the server; means for 
selecting the overlay node with the highest-ranking to be included as part of a pathway for 
transferring the traffic to the server; and means for probing a portion of the overlay nodes with 
higher-rankings more frequently than other overlay nodes during subsequent probing intervals, 

23. (Original) An overlay network to mitigate a Denial of Service attack, comprising: access 
nodes configured to authenticate traffic directed to a server from a client; target nodes configured 
to transfer the traffic previously authenticated by the access nodes to the server; and overlay 
nodes, coupled between the access nodes and the target nodes, configured to route the traffic 
from the access nodes to the target nodes by selecting a best end-to-end path between the client 
and the server based in accordance with at least one perfotTnance metric. 

24. (Original) The overlay networic as recited in claim 23, wherein each overlay node is 
configured to dynamically select, a best target node for accessing the server and a best path to 
reach that target node. 

25. (Original) The overlay network as recited in claim 24, wherein the best path is selected 
via a best next hop measured in terms of the at least one performance metric. 

26. (Original) The overlay network as recited in claim 23, wherein each overlay node 
comprises: a ranking module configured to rank the overlay nodes based on the performance 
metric, wherein an overiay node with a higher-ranking indicates that tlie overlay node has better 
performance for transferring traffic to one of the target nodes than overlay nodes with lower- 
ranldngs; and a probing module configured to probe a portion of the overlay nodes with higher- 
rankings more frequently than overlay nodes with lower-rankings during probing intervals. 
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27. (Original) In an overlay network, a node for maintaining traffic flow between a client and 
a server during a denial of service attack, the node comprising: a ranking module configured to 
rank overlay nodes coupled between the client and the server based on a performance metric, 
wherein overlay nodes with a higher-ranking indicates that the overlay nodes have better 
performance for transferring traffic to the server than overlay nodes with lower-rankings; and a 
probing module configured to probe a portion of the overlay nodes with higher-rankings more 
frequently than overlay nodes with lower-rankings during probing intervals. 
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